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EXAMINER'S AMENDMENT 

An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to applicant, an amendment may be filed as provided 
by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be 
submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview 
with Robert Popa (Reg# 43,010) on 1 March 2007. 

The application has been amended as follows: 

Claim 7. A method according to any one of th e pr e c e d i ng claims 1-5 , wherein at 
least some of said certificates used in proving a determined trust chain as found have 
associated validity data, the method comprising the further step of traversing the trust 
chain in a forwards direction from the trusted attribute delegation that grounds it and 
combining the validity data of all certificates involved to determine the validity of the 
overall attribute delegation represented by the chain. 

Claim 9. A method according to any one of th e pr e c e d i ng claims 1-5 , wherein an 
attribute-delegation certificate used to prove a said subgoal has a subject-directed 
condition associated with it requiring that a specified subject must have a particular 
attribute in order for the delegation to be valid, and wherein the process of (b) further 
comprises: 

making said subject-directed condition a further subgoal to be proved for the. 
current chain being followed. 
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Claim 11. A method of selecting certificates to be sent to a resource which requires 
proof that a subject has a particular attribute before allowing use of the resource, 
comprising: 

finding a trust chain by the method of any one of claims 1 to [[7]] 5 in respect of 
said subject and an issuer known, or likely, to be trusted by said resource; and 

selecting for sending to said resource certificates associated with a trust chain, if 
any, thereby found. 

Claim 12. A method of determining whether a resource requiring a user to have at 
least one predetermined attribute, is usable by a subject presenting certificates to the 
resource, comprising: 

finding a trust chain by the method of any one of claims 1 to [[7]] 5 in respect of 
said subject and an issuer known and trusted by said resource; and 

determining that use of the resource by the subject is permitted if a trust chain 
can be found. 

Claim 19. A system according to any one of claims 13-[[18]] 17, wherein at least 
some of said certificates used in proving a determined trust chain as found have 
associated validity data, the processor further for traversing the trust chain in a forwards 
direction from the trusted attribute delegation that grounds it and combining the validity 
data of all certificates involved to determine the validity of the overall attribute delegation 
represented by the chain. 

Claim 21 . A system according to any one of claims 13-[[20]] 17, wherein an attribute- 
delegation certificate used to prove a said subgoal has a subject-directed condition 
associated with it requiring that a specified subject must have a particular attribute in 
order for the delegation to be valid, and wherein seeking a backwards proof further 
comprises: 

making said subject-directed condition a further subgoal to be proved for the 
current chain being followed. 
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Claim 23. A system according to any one of claims 13-[[18]] 17, wherein said 
, processor is further for selecting certificates to be sent to a resource which requires 
proof that a subject has a particular attribute before allowing use of the resource by: 

finding a trust chain in respect of said subject and an issuer known, or likely, to 
be trusted by said resource; and 

selecting for sending to said resource certificates associated with a trust chain, if 
any, thereby found. 

Claim 24. A system according to any one of claims 1 3-[[1 8]] 17, wherein said 
processor is further for determining whether a resource requiring a user to have at least 
one predetermined attribute is usable by a subject presenting certificates to the 
resource, by: 

finding a trust chain in respect of said subject and an issuer known and trusted 
by said resource; and 

determining that use of the resource by the subject is permitted if a trust chain 
can be found. 

Claim 31 . A computer program product according to any one of claims 25-[[30]] 29, 
wherein at least some of said certificates used in proving a determined trust chain as 
found have associated validity data, the method further comprising traversing the trust 
chain in a forwards direction from the trusted attribute delegation that grounds it and 
combining the validity data of all certificates involved to determine the validity of the 
overall attribute delegation represented by the chain. 

Claim 32. A computer program product according to claim [[19]] 31* wherein 
determining that a trust chain has been found comprises storing the state of the seeking 
of a backwards proof prior to checking the validity of the trust chain found, this state 
being used to continue the process should the check of the validity of the initially found 
chain show that the chain is not valid. 
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Claim 33. A computer program product according to any one of claims 25-[[32]] 29, 
wherein an attribute-delegation certificate used to prove a said subgoal has a subject- 
directed condition associated with it requiring that a specified subject must have a 
particular attribute in order for the delegation to be valid, and wherein seeking a 
backwards proof further comprises: 

making said subject-directed condition a further subgoal to be proved for the 
current chain being followed. 

Claim 35. A computer program product according to any one of claims 25-[[30]] 29 
and further for selecting certificates to be sent to a resource which requires proof that a 
subject has a particular attribute before allowing use of the resource, by: 

finding a trust chain in respect of said subject and an issuer known, or likely, to 
be trusted by said resource; and 

selecting for sending to said resource certificates associated with a trust chain, if 
: any, thereby found. 

Claim 36. A computer program product according to any one of claims 25-[[30]] 29 
and further for determining whether a resource requiring a user to have at least one 
predetermined attribute is usable by a subject presenting certificates to the resource, 

; by: 

finding a trust chain in respect of said subject and an issuer known and trusted 
by said resource; and 

determining that use of the resource by the subject is permitted if a trust chain can be 
found. 



Claims 1-36 are allowed. 
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The following is an examiner's statement of reasons for allowance: Applicant's 
arguments filed in the appeal brief received 1 1/22/2006 are persuasive. The cited prior 
art fails to anticipate or render obvious claims 1-36 for the reasons cited therein. 

Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Andrew L. Nalven whose telephone number is 571 272 
3839. The examiner can normally be reached on Monday - Thursday 8-6, Alternate 
Fridays. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on 571 272 381 1 . The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 





